What is a jar file?

Java applications consist of libraries and compiled java files, called class files and java bytecode. All of these files are bundled together in one archive file, called the jar file.  A jar file can also be executed like an executable file, depending on the system, it will execute if double-clicked or execute with the command: java -jar some-app.jar

What is Java Runtime Environment?

The Java Runtime Environment (JRE) is software which is required on any system where java applications are executed. The JRE enables java applications to run on multiple platforms, for example: Windows, Linux, Apple Mac, etc. The JRE is updated regularly and the most recent versions usually have better performance. It is therefore sensible to update to the latest version. The JRE consists of the Java Virtual Machine (JVM) and all the core libraries and classes required to run a Java Application.

What is SSL?

SSL or Secure Sockets Layer is security technology which is used on the internet or other networks to make a secure connection between the server and the client (browser). SSL encrypts all the information sent between the server and client. The SSL protocol uses public and private keys together with a SSL certificate to verify the authenticity of the sender and to ensure the integrity of the transactions. The SSL certificate is signed by a trusted Certification Authority like Verisign, Thawte, etc. The ceritificate contains information of the sender's domain name, company name, etc., and the sender's public key. The sender encrypts all the information with its private key, which is only known to him/her. The client decrypts the information, using the public key. The SSL secure connection is created automatically between the server and the browser when the URL starts with https - the http protocol for a secure connection. Websites use the SSL connection for sensitive information such as that contained in credit cards.

How safe is the software?

• Software upload:

The software is uploaded using secure FTP (SFTP). FTP (File Transfer Protocol) is used to transfer files over the internet and other networks. SFTP is a secure FTP built on SSL. SFTP transfers files with the additional security of SSL. It is as secure as HTTPS. Therefore the software cannot be tampered with in the uploading process.

• Software storage:

The software is stored in a non-surfable directory (web browsers cannot see it). The directory and files are also protected by passwords.

• Software download to client:

The client receives a temporary download link which is only available for a certain period of time. The download link includes the HTTPS protocol, which uses SSL security.

• Software checksums:

Checksums are calculated for all the files included in the download. A Checksum is a key generated by a hash algorithm. The hash algorithm is a cryptographic algorithm which accepts as input a variable length file or string, and produces a string called the "key" or “fingerprint”. It is unique for every input string. Some hash algorithms can result in a "collision" when it produces the same result key for two different inputs. This hardly ever happens but we have used 5 different hash algorithms for each file which will make it mathematically impossible to find 5 collisions. The hash functions we used are: MD5, SHA1, SHA256, SHA384 and SHA512. Some of these hash function generate a longer key which lowers the probability to find another identical result key.

The checksums for all the software files and their file sizes, will be available on the website to registered users. Once the software download has finished, the client can use hash function software to generate the keys and then compare these keys with the ones shown on the website. If it matches, the client can be confident that the software download has been successful and that the file integrity has been verified. There is a variety of free tools available for verification and hash generation. Examples are:  ExactFile (Windows),Fsum (Windows),Jacksum (Multiplatform) and GtkHash.

• Software language:

The software is written in Java, created by Sun Microsystems, Inc. Java is compiled into bytecode. Java applications cannot run on their own like most other compiled executable software applications. The bytecode is interpreted by the JVM (Java Virtual Machine). The JVM software is written for most operating systems including Windows, Linux and Apple Mac. The Java Virtual Machine is part of the JRE (Java Runtime Environment) developed by Sun Microsystems, Inc. Although there are other companies who have created JVMs that adhere to Sun's JVM specifications, like Kaffe and IBM J9. The JVM handles exceptions for all software errors independently of the source code. In addition, Java applications can catch and fix all potential errors.

Excerpt from wikipedia :

"A basic philosophy of Java is that it is inherently "safe" from the standpoint that no user program can "crash" the host machine or otherwise interfere inappropriately with other operations on the host machine, and that it is possible to protect certain functions and data structures belonging to "trusted" code from access or corruption by "untrusted" code executing within the same JVM. Furthermore, common programmer errors that often lead to data corruption or unpredictable behavior such as accessing off the end of an array or using an uninitialized pointer are not allowed to occur. Several features of Java combine to provide this safety, including the class model, the garbage-collected heap, and the verifier." - See http://en.wikipedia.org/wiki/Java_Virtual_Machine.

The JVM controls the memory usage of the application (the garbage collector) and when the application is closed the virtual machine will free the memory used by the application. Java has a more secure design because it is a strong type language. Variables are always initialized and programmers cannot use any dangerous pointer arithmetic with memory. When Java code is loaded into memory, it is verified by the bytecode verifier to see if it conforms to the correct format (length, numbers, overflows, etc.). Also the compiler that is used is trustworthy and the code legal. This is just a touch on Java's secure design - there is a lot more to mention like the role of the Classloader and SecurityManager. From all of this it can be said that Java is one of the safest languages to use.

• The software:

The software does not gather any personal information and it only saves 3 types of files; 2 of which are initiated by the user and placed in a directory which has been chosen. It comprises the report of the multiplication exercise and the multiplication error file, which contains a list of the tables answered incorrectly. The application uses a properties file in which it saves the preferences of the user. The preferences consist of the language chosen by the user as well as the user’s most recently chosen directory in which to save a report of the multiplication table exercise. Most applications store their users’ preferences.